package com.zlb.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.http.HttpStatus;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

public class AnyRolesAuthorizationFilter extends AuthorizationFilter {

  @Override
  protected void postHandle(ServletRequest request, ServletResponse response) {
    request.setAttribute("anyRolesAuthFilter.FILTERED", true);
  }

  @Override
  protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse,
      Object mappedValue) {
    Boolean afterFiltered = (Boolean) (servletRequest.getAttribute("anyRolesAuthFilter.FILTERED"));
    if (BooleanUtils.isTrue(afterFiltered)) {
      return true;
    }
    Subject subject = getSubject(servletRequest, servletResponse);
    String[] rolesArray = (String[]) mappedValue;
    if (rolesArray == null || rolesArray.length == 0) { //没有角色限制，有权限访问
      return true;
    }
    for (String role : rolesArray) {
      if (subject.hasRole(role)) {//若当前用户是rolesArray中的任何一个，则有权限访问
        return true;
      }
    }
    return false;
  }

  @Override
  protected boolean onAccessDenied(ServletRequest request, ServletResponse response) {
    HttpServletResponse httpResponse = WebUtils.toHttp(response);
    httpResponse.setCharacterEncoding("UTF-8");
    httpResponse.setContentType("application/json;charset=utf-8");
    httpResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
    return false;
  }

}
